Adds support to ctl:requestBodyProcessor=XML

Author: zimmerle

headers/modsecurity/transaction.h

@@ -252,6 +252,11 @@ class Transaction {
      */
     RequestBodyType m_requestBodyType;
 
+    /**
+     * Holds the request body "processor"
+     */
+    RequestBodyType m_requestBodyProcessor;
+
     /**
      * Rules object utilized during this specific transaction.
      */

src/Makefile.am

@@ -68,6 +68,7 @@ ACTIONS = \
 	actions/capture.cc \
 	actions/chain.cc \
 	actions/ctl_audit_log_parts.cc \
+	actions/ctl_request_body_processor_xml.cc \
 	actions/init_col.cc \
 	actions/deny.cc \
 	actions/log_data.cc \

src/actions/ctl_request_body_processor_xml.cc

@@ -0,0 +1,34 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address [email protected].
+ *
+ */
+
+#include "actions/ctl_request_body_processor_xml.h"
+
+#include <iostream>
+#include <string>
+
+#include "modsecurity/transaction.h"
+
+namespace modsecurity {
+namespace actions {
+
+
+bool CtlRequestBodyProcessorXML::evaluate(Rule *rule, Transaction *transaction) {
+    transaction->m_requestBodyProcessor = modsecurity::Transaction::XMLRequestBody;
+    return true;
+}
+
+
+}  // namespace actions
+}  // namespace modsecurity

src/actions/ctl_request_body_processor_xml.h

@@ -0,0 +1,39 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address [email protected].
+ *
+ */
+
+#include <string>
+
+#include "actions/action.h"
+#include "modsecurity/transaction.h"
+
+#ifndef SRC_ACTIONS_CTL_REQUEST_BODY_PROCESSOR_XML_H_
+#define SRC_ACTIONS_CTL_REQUEST_BODY_PROCESSOR_XML_H_
+
+namespace modsecurity {
+namespace actions {
+
+
+class CtlRequestBodyProcessorXML : public Action {
+ public:
+    explicit CtlRequestBodyProcessorXML(std::string action)
+        : Action(action, RunTimeOnlyIfMatchKind) { }
+
+    bool evaluate(Rule *rule, Transaction *transaction) override;
+};
+
+}  // namespace actions
+}  // namespace modsecurity
+
+#endif  // SRC_ACTIONS_CTL_REQUEST_BODY_PROCESSOR_XML_H_

src/parser/seclang-parser.yy

@@ -23,6 +23,7 @@ class Driver;
 #include "actions/action.h"
 #include "actions/audit_log.h"
 #include "actions/ctl_audit_log_parts.h"
+#include "actions/ctl_request_body_processor_xml.h"
 #include "actions/init_col.h"
 #include "actions/set_sid.h"
 #include "actions/set_uid.h"
@@ -69,6 +70,7 @@ using modsecurity::ModSecurity;
 using modsecurity::actions::Accuracy;
 using modsecurity::actions::Action;
 using modsecurity::actions::CtlAuditLogParts;
+using modsecurity::actions::CtlRequestBodyProcessorXML;
 using modsecurity::actions::InitCol;
 using modsecurity::actions::SetSID;
 using modsecurity::actions::SetUID;
@@ -1094,8 +1096,7 @@ act:
       }
     | ACTION_CTL_BDY_XML
       {
-        /* not ready yet. */
-        $$ = Action::instantiate($1);
+        $$ = new modsecurity::actions::CtlRequestBodyProcessorXML($1);
       }
     | ACTION_CTL_BDY_JSON
       {

src/transaction.cc

@@ -107,6 +107,7 @@ Transaction::Transaction(ModSecurity *ms, Rules *rules, void *logCbData)
     m_namesArgsPost(NULL),
     m_namesArgsGet(NULL),
     m_requestBodyType(UnknownFormat),
+    m_requestBodyProcessor(UnknownFormat),
     m_requestHeadersNames(NULL),
     m_responseHeadersNames(NULL),
     m_responseContentType(NULL),
@@ -475,7 +476,6 @@ int Transaction::addRequestHeader(const std::string& key,
     if (keyl == "content-type") {
         std::string multipart("multipart/form-data");
         std::string l = tolower(value);
-
         if (l.compare(0, multipart.length(), multipart) == 0) {
             this->m_requestBodyType = MultiPartRequestBody;
         }
@@ -590,15 +590,11 @@ int Transaction::processRequestBody() {
      * 
      */
 
-    if (m_requestBodyType == XMLRequestBody) {
-        std::string *a = m_collections.resolveFirst(
-            "REQUEST_HEADERS:Content-Type");
-        if (a != NULL) {
-            if (m_xml->init() == true) {
-                m_xml->processChunk(m_requestBody.str().c_str(),
-                    m_requestBody.str().size());
-                m_xml->complete();
-            }
+    if (m_requestBodyProcessor == XMLRequestBody) {
+        if (m_xml->init() == true) {
+            m_xml->processChunk(m_requestBody.str().c_str(),
+                m_requestBody.str().size());
+            m_xml->complete();
         }
     }
 

test/test-cases/regression/action-ctl_request_body_processor.json

@@ -0,0 +1,175 @@
+[
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing CtlRequestBodyProcessor=XML (1)",
+    "expected":{
+      "debug_log": "Registered XML namespace href \"http://schemas.xmlsoap.org/soap/envelope/\" prefix \"soap\""
+    },
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120",
+        "Content-Type": "text/xml"
+      },
+      "uri":"/?key=value&key=other_value",
+      "method":"POST",
+      "body": [
+        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>",
+        "<bookstore>",
+        "<book category=\"COOKING\">",
+          "<title lang=\"en\">Everyday Italian</title>",
+          "<author>Giada De Laurentiis</author>",
+          "<year>2005</year>",
+          "<price>30.00</price>",
+        "</book>",
+
+        "<book category=\"CHILDREN\">",
+          "<title lang=\"en\">Harry Potter</title>",
+          "<author>J K. Rowling</author>",
+          "<year>2005</year>",
+          "<price>29.99</price>",
+        "</book>",
+
+        "<book category=\"WEB\">",
+          "<title lang=\"en\">XQuery Kick Start</title>",
+          "<author>James McGovern</author>",
+          "<author>Per Bothner</author>",
+          "<author>Kurt Cagle</author>",
+          "<author>James Linn</author>",
+          "<author>Vaidyanathan Nagarajan</author>",
+          "<year>2003</year>",
+          "<price>49.99</price>",
+        "</book>",
+
+        "<book category=\"WEB\">",
+          "<title lang=\"en\">Learning XML</title>",
+          "<author>Erik T. Ray</author>",
+          "<year>2003</year>",
+          "<price>39.95</price>",
+        "</book>",
+        "</bookstore>"
+      ]
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "rules":[
+        "SecRuleEngine On",
+        "SecRequestBodyAccess On",
+        "SecRule REQUEST_HEADERS:Content-Type \"^text/xml$\" \"id:500005,phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML\"",
+        "SecRule XML:/bookstore/book/price[text()] \"Fred\" \"phase:3,id:123,xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/'\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing CtlRequestBodyProcessor=XML (2)",
+    "expected":{
+      "debug_log": "XML: No XML document found, returning"
+    },
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120",
+        "Content-Type": "text/xml"
+      },
+      "uri":"/?key=value&key=other_value",
+      "method":"POST",
+      "body": [
+        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>",
+        "<bookstore>",
+        "<book category=\"COOKING\">",
+          "<title lang=\"en\">Everyday Italian</title>",
+          "<author>Giada De Laurentiis</author>",
+          "<year>2005</year>",
+          "<price>30.00</price>",
+        "</book>",
+
+        "<book category=\"CHILDREN\">",
+          "<title lang=\"en\">Harry Potter</title>",
+          "<author>J K. Rowling</author>",
+          "<year>2005</year>",
+          "<price>29.99</price>",
+        "</book>",
+
+        "<book category=\"WEB\">",
+          "<title lang=\"en\">XQuery Kick Start</title>",
+          "<author>James McGovern</author>",
+          "<author>Per Bothner</author>",
+          "<author>Kurt Cagle</author>",
+          "<author>James Linn</author>",
+          "<author>Vaidyanathan Nagarajan</author>",
+          "<year>2003</year>",
+          "<price>49.99</price>",
+        "</book>",
+
+        "<book category=\"WEB\">",
+          "<title lang=\"en\">Learning XML</title>",
+          "<author>Erik T. Ray</author>",
+          "<year>2003</year>",
+          "<price>39.95</price>",
+        "</book>",
+        "</bookstore>"
+      ]
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "rules":[
+        "SecRuleEngine On",
+        "SecRequestBodyAccess On",
+        "SecRule XML:/bookstore/book/price[text()] \"Fred\" \"phase:3,id:123,xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/'\""
+    ]
+  },
+   {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing CtlRequestBodyProcessor=XML (3)",
+    "expected":{
+      "debug_log": "XML: Failed parsing document."
+    },
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120",
+        "Content-Type": "text/xml"
+      },
+      "uri":"/?key=value&key=other_value",
+      "method":"POST",
+      "body": [
+        "not a xml"
+      ]
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "rules":[
+        "SecRuleEngine On",
+        "SecRequestBodyAccess On",
+        "SecRule REQUEST_HEADERS:Content-Type \"^text/xml$\" \"id:500005,phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML\"",
+        "SecRule XML:/bookstore/book/price[text()] \"Fred\" \"phase:3,id:123,xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/'\""
+    ]
+  }
+]